At the beginning of the year the Information Commissioner’s Office launched a campaign called ‘Think. Check. Share.’ in partnership with education, law enforcement and social service organisations to raise awareness about responsible data sharing to protect children from harm.
This followed on from a 10-step practical guide outlining how organisations can safely and lawfully share information to safeguard children from physical, emotional or mental harm.
The UK Information Commissioner, John Edwards, released the following statement:
“Safeguarding children is everyone’s responsibility. We understand that frontline workers in these sectors are sometimes nervous about sharing personal data and the potential consequences this may have. However, if there are concerns that a child is at risk, organisations and their staff need to know they can share personal data to protect that child without falling foul of data protection law.
“Through our work with local organisations, we want to help improve child safeguarding by ensuring those working with children are empowered to share data in an appropriate, safe and lawful way.”
As the Commissioner states, organisations are sometimes unsure about sharing personal data - whether they are “allowed” to, what they can share, and under what circumstances. This is ironically due to data protection guidance and training often focusing largely on the dangers of sharing personal data!
The onus of this campaign is to address the dangers of not sharing personal data. Safeguarding is of utmost importance for schools and other organisations working with children and young people, and the ICO wants organisations to know that they will not be penalised for sharing personal data (appropriately) if they believe that it could protect a child from harm, even if under normal circumstances this would not be permissible under UK GDPR.
There have sadly been too many situations where children have come to serious harm or worse as a consequence of data not being shared between agencies. By sharing data where there is a concern, a better overview can be made of the situation, links made and ultimately action taken.
The main takeaway from this is that in the “rock, paper, scissors” of data sharing, Safeguarding beats UK GDPR and an organisation, or individual from that organisation, will not be penalised for sharing personal data if they make that disclosure in good faith, believing it to be necessary for the protection of a child.
That being said, please ensure staff have refresher training on Data Protection annually, as a trained and informed staff is best equipped to handle data responsibly.
Rachel Roberts,
Data Protection Lead - The Education Space